An abnormal behavior detection technology for run-time mobile application

Abstract

In view of the problem of the high cost of monitoring the API calling behavior of the mobile application, a dynamic behavior detection technology was proposed for inserting the API monitoring code into the mobile application layer. The method, which didn't have access to the root permissions, can be used to insert the monitoring code of the sensitive API calling in the application native layer through an hook method, and realize the monitoring and recording of the application behavior. Then, by inserting the monitoring code in the normal samples and malicious samples, the API behavior feature sample library was obtained after the automatic installation and operation. Finally, the behavior feature library was trained by the SVM algorithm to obtain the classifier. The classifier can be used as the basis for the anomaly detection of the dynamic behavior of the mobile applications in the actual operating environment.